<?php
$table=mysql_real_escape_string($table);
$q=$db->prepare("insert into $table (name) values (:name)");
$q->bindValue(':'.$column,$str);
$q->execute();
?>